Given that the EVP level is supposed to offer callers a cipher-independent
interface, where the caller doesn't necessarily know the idiosyncracies of
the underlying cipher, wouldn't it make sense for evp/e_des3.c to call
des_set_key_checked() instead of des_set_key_unchecked() and return an error
James Yonan wrote:
>
> Given that the EVP level is supposed to offer callers a cipher-independent
> interface, where the caller doesn't necessarily know the idiosyncracies of
> the underlying cipher, wouldn't it make sense for evp/e_des3.c to call
> des_set_key_checked() instead of des_set_key_un
> James Yonan wrote:
> >
> > Given that the EVP level is supposed to offer callers a
cipher-independent
> > interface, where the caller doesn't necessarily know the idiosyncracies
of
> > the underlying cipher, wouldn't it make sense for evp/e_des3.c to call
> > des_set_key_checked() instead of des
To: [EMAIL PROTECTED]
Subject: Re: EVP_CipherInit() doesn't check for weak DES keys (0.9.6)
> James Yonan wrote:
> >
> > Given that the EVP level is supposed to offer callers a
cipher-independent
> > interface, where the caller doesn't necessarily know the idiosyncra
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 6:39 AM
Subject: RE: EVP_CipherInit() doesn't check for weak DES keys (0.9.6)
> Good idea except the same mutate must also be performed on the "other" end
or you'll end up with a key mismatch. We don't alwa
On Wed, Apr 03, 2002 at 11:12:40PM -0700, James Yonan wrote:
>
> (b) Some kind of *optional* EVP method (so it doesn't break interoperability
> with non-OpenSSL clients) that, given an EVP_CIPHER and key, will
> deterministically mutate the key into a correct form.
Out of 2^56 DES keys, there a
> Out of 2^56 DES keys, there are four weak keys and 12 semi-weak keys.
> The odds of getting a weak key are incredibly slight. Most people
> don't bother to check, and it isn't considered a security risk.
True, weak or semi-weak keys are improbable.
I was thinking more about maintaining proper
On Thu, Apr 04, 2002 at 04:07:47AM -0700, James Yonan wrote:
>
> I was thinking more about maintaining proper key parity. Does a client of
> EVP need to worry about making sure that if DES is the underlying cipher,
> that passed keys have the proper parity?
Generally, people just ignore the par